WannaCry invasion preventable with patch, security updates: Kaspersky

A massive number of organisations across the globe have been targeted by the malware since May 12.

Hackers used the Trojan encrypter WannaCry to lock computers and demand a payment for the decryption. So far, it has hit more than 200,000 computers in 150 countries, crippling hospitals, governments and businesses, Xinhua news agency reported.

WannaCry takes advantage of the Windows exploit series known as Eternal Blue which exploits a vulnerability that Microsoft patched in security update MS17-010 on March 14, to gain remote access to users' computers and install malicious driver programmes before locking files and demanding a ransom, Kaspersky told Xinhua.

According to a statement provided by Kaspersky, its computer system monitoring tool has detected 11 kinds of such malicious programmes that WannaCry uses to encrypt computer files.

The cyber security provider warned against using the means of decryption offered on the Internet or received in emails, as WannaCry's encryption algorithm can not be decoded with existing methods, which, worse still, may cause even greater harm to the infected computer and others connected to it, thus accelerating the propagation.

Currently, the only right approach in case of a WannaCry infection that has been found effective is system reinstallment at the expense of encrypted file, Kaspersky said.

"If you find that your computer has been infected, you should turn it off and contact the information security service for further instruction," Kaspersky said.

Noting that precautions play a crucial part in defending against the WannaCry virus, Kaspersky suggests users install an official patch from Microsoft that closes the vulnerability used in the attack as well as upgrade the security software scanning critical areas at all time to detect potential infection as early as possible.

It is also suggested to create file backup copies on a regular basis and store copies on storage devices that are not constantly connected to the computer.

For computers within corporate networks, once an attack is spotted, disconnection of the invaded computer from the Internet and internal networks needs to be done immediately.

In addition, while unpatched Windows computers can be remotely attacked with the Eternal Blue exploit and infected by the WannaCry ransomware, the lack of existence of this vulnerability does not really prevent the ransomware component from working, Kaspersky said.

"Nevertheless, the presence of this vulnerability appears to be the most significant factor that caused the outbreak," it said.

At present, network security companies, including Kaspersky, are developing more effective means of fighting the WannaCry virus and decoding maliciously encrypted files, and relevant information will be released in a timely manner, Kaspersky said.

Tag Cloud

Tags

About Us

The Finapolis helps you grow your money. We offer insightful journalism, credible research and actionable advice suitable to every Indian taxpayer, making us a one stop destination for your personal finance needs.

Disclaimer

The technical studies / analysis discussed here can be at odds with our fundamental views / analysis. The information and views presented in this report are prepared by Karvy Consultants Limited. The information contained herein is based on our analysis and upon sources that we consider reliable. We, however, do not vouch for the accuracy or the completeness thereof. This material is for personal information and we are not responsible for any loss incurred based upon it. The investments discussed or recommended in this report may not be suitable for all investors. Investors must make their own investment decisions based on their specific investment objectives and financial position and using such independent advice, as they believe necessary. While acting upon any information or analysis mentioned in this report, investors may please note that neither Karvy nor Karvy Consultants nor any person connected with any associate companies of Karvy accepts any liability arising from the use of this information and views mentioned in this document. The author, directors and other employees of Karvy and its affiliates may hold long or short positions in the above mentioned companies from time to time. Every employee of Karvy and its associate companies is required to disclose his/her individual stock holdings and details of trades, if any, that they undertake. The team rendering corporate analysis and investment recommendations are restricted in purchasing/selling of shares or other securities till such a time this recommendation has either been displayed or has been forwarded to clients of Karvy. All employees are further restricted to place orders only through Karvy Consultants Ltd. This report is intended for a restricted audience and we are not soliciting any action based on it. Neither the information nor any opinion expressed herein constitutes an offer or an invitation to make an offer, to buy or sell any securities, or any options, futures or other derivatives related to such securities.